How Just-in-Time privilege elevation prevents data breaches and lateral movement
Are inadequate security policies for privileged access making you highly vulnerable to security breaches and ransomware attacks?
In the weeks that followed the high-profile attack on the SolarWinds supply chain, it became clear that the threat actors infiltrated the company’s internal networks and cloud infrastructure through unrestricted privileged access. Once inside the network, they were able to move laterally in the system. This attack and many others reinforce the importance of an effective Privileged Access Management framework that enforces the principle of least privilege with Just-in-Time (JIT) privilege elevation.
By granting users unrestricted access to resources, organizations increase the risk associated with both internal and external threats. Least privilege based on the Just Enough and JIT model reduces that risk significantly. Implementing these security models gives users, applications, tasks, and commands the minimum required level of access for the duration needed, in time to complete the task.
“Privileged access carries significant risk. Even with PAM tools in place, the residual risk of users with standing privileges remains high. IAM leaders must implement just-in-time strategies to pursue zero standing privileges.” – Gartner report, Reduce Risk Through a Just-in-Time Approach to Privileged Access Management.
Now let us explore the key reasons why businesses and enterprises must implement a true least privilege security model when deploying a modern PAM solution.
Reasons why you need Just-in-Time privilege elevation
Minimize attack surface
The explosion of human and machine identities has significantly increased the attack surface, or the number of points in a system or environment where attackers can attempt to enter. Many organizations disregard well-known security practices by continuing to grant and maintain long-standing privileges to users.
Every privileged account is a potential attack vector, and every additional account increases your attack surface. Cyberattack risk is reduced when you eliminate as many of these accounts as possible. If you currently allow your administrators to create personal privileged accounts, then eliminating these accounts is the first step to reducing your attack surface. Make sure to avoid standing privileges and enforce least privilege based on approved JIT access request workflows.
Reduce lateral movement
A recent Sophos report indicates that attacker dwelling time increased by 36% last year, with a median intruder dwell time of 15 days in 2021, compared to 11 days in 2020. Longer access gives attackers more opportunities to move laterally in the network. Time is of the essence here. You can limit the damage caused by privileged account abuse in two ways:
- By reducing the amount of time an attacker has to gain access to the account.
- By reducing the time attackers have to move laterally from a compromised account to other critical systems.
Shifting from persistent privileges to JIT privileges or on-demand privileges will help slow the spread of a ransomware attack and make it more difficult for attackers to move around the network. Even in cases where malicious users manage to compromise system passwords, JIT access mitigates attack risk by making the privilege or account unavailable after a certain period. With dynamic access controls, you can configure privileges so users can only use privileges for a specified period, at specific times, on certain servers, or other criteria.
A typical cyber attack chain
According to the Gartner report: Reduce Risk Through a Just-in-Time Approach to Privileged Access Management, “By the year 2025, 75% of cyber insurance providers will mandate the use of JIT PAM principles.” With increasing requirements, cyber insurance is becoming more expensive and harder to obtain. Prepare for the future by addressing now all internal and external regulatory requirements that involve removing excess privileges and access tracking.
Every major compliance regulation and industry mandate promotes the best practice of minimizing the number of privileged accounts and having full audit trails of user activity with enough detail to determine what events occurred, who performed them, and the outcome. Regulations like PCI DSS, HIPAA, SOX, NIST, and CIS security controls recommend or require implementing a least privilege model as part of a compliance solution. During an audit, you may need to demonstrate how the principle of least privilege is applied and enforced in your organization to control administrative accounts. The joint cybersecurity advisory from the FBI and CISA recommends regularly auditing administrative user accounts and configuring access control under the concept of least privilege.
Increase operational efficiency
Just-in-Time privilege elevation simplifies the administrator experience by removing the need for review and access approval cycles. Typically, workflow-based access requests are implemented. These manual workflows can cause an inherent delay unless they’re auto-approved, which is possible but would defeat certain security elements. The access request then goes to an approver who investigates the request, looks at the context, and finally approves or denies the request.
Just-in-Time privilege elevation goes beyond human-interacted manual workflows, especially in the cloud. Since JIT privilege elevation eliminates standing privileges, many IT tasks are also eliminated, such as credential rotation, privileged access expiration, and account deletion. If your existing PAM solution does not provide such capabilities, consider a modern PAM solution that enables you to accommodate cloud use cases. Legacy solutions are still very manual in nature and ill-adapted for cloud environments.
Implement zero trust best practices
The popularity and necessity of adopting a zero trust framework is increasing and is also enforced by the 2021 Executive Order on improving the nation’s cybersecurity. JIT privilege elevation plays a critical role in this strategy. The zero trust model tells us to remove explicit trust in our users—never trust, always verify. Insider threats are real and an administrator with discretionary access to privileged accounts can fly under the radar.
An external cyber attacker who compromises an administrator will inherit these privileges and can use them to gain access to the server network to exfiltrate data or encrypt it for ransom. We must eliminate broad and discretionary access, remove accounts with standing privileges, enforce least privilege, and enable JIT access request workflows for legitimate time-bound access.